Lucene search
+L

9 matches found

OSV
OSV
added last week3 views

RLSA-2026:36879 Important: tomcat security, bug fix, and enhancement update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor CVE-2026-29146 Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive...

7.5CVSS7AI score0.21691EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.8 views

RockyLinux 10 : tomcat9 (RLSA-2026:36790)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36790 advisory. Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor CVE-2026-29146 Apache Tomcat: Apache Tomcat...

9.1CVSS6.8AI score0.21691EPSS
Exploits8References27
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-4807

Malware in sbrugna...

5CVSS6.4AI score0.01205EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/15 5:7 p.m.9 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
OSV
OSV
added 2022/04/30 6:22 p.m.11 views

GHSA-R6CF-CR44-M8RR Apache Tomcat Leaks Pathname Information via Error Message

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by 1 +/, 2 /, 3 /, and 4 %20/, which leaks the pathname in an error message...

6.9CVSS6.5AI score0.07314EPSS
Exploits1References13
OSV
OSV
added 2021/02/19 1:54 p.m.9 views

SUSE-SU-2021:0531-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system bsc1180947...

5.9CVSS6.3AI score0.22852EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/25316/info Apache Tomcat is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data. Attackers can exploit these issues to access potentially sensitive data that...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/06/22 11:31 p.m.6 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

2.6CVSS6.1AI score0.52507EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.8 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...

4.3CVSS6.2AI score0.9444EPSS
Exploits4References4
Rows per page
Query Builder